Back to bug 2181621
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Nick Tait | 2023-03-24 19:33:46 UTC | Depends On | 2181623 | |
| Nick Tait | 2023-03-24 19:33:59 UTC | CC | eglynn, jjoyce, lhh, mburns, mgarciac, rhos-maint, spower | |
| Nick Tait | 2023-03-24 19:50:25 UTC | Doc Text | An information leak was discovered in openstack heat. The get stack environment API doesn't mask hidden parameter values. A malicious system user can get sensitive data by this API even though encrypt_parameters_and_properties option is set to true. All VMs deployed by this heat template may be compromised. |
|
| Nick Tait | 2023-03-24 20:01:54 UTC | Doc Text | An information leak was discovered in openstack heat. The get stack environment API doesn't mask hidden parameter values. A malicious system user can get sensitive data by this API even though encrypt_parameters_and_properties option is set to true. All VMs deployed by this heat template may be compromised. | An information leak was discovered in OpenStack heat. A remote, authenticated attacker could issue the 'stack show' command thereby revealing parameters which are supposed to remain hidden. This could have a low impact to confidentiality, integrity, and availability of the system. |
| Nick Tait | 2023-03-24 20:11:57 UTC | Depends On | 2181644, 2181643, 2181642 | |
| Paige Jung | 2023-03-24 20:39:19 UTC | Doc Text | An information leak was discovered in OpenStack heat. A remote, authenticated attacker could issue the 'stack show' command thereby revealing parameters which are supposed to remain hidden. This could have a low impact to confidentiality, integrity, and availability of the system. | An information leak was discovered in OpenStack heat. This issue could allow a remote authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. |
| Nick Tait | 2023-03-25 17:16:29 UTC | Doc Text | An information leak was discovered in OpenStack heat. This issue could allow a remote authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. |
| Red Hat Bugzilla | 2023-07-07 08:32:46 UTC | Assignee | security-response-team | nobody |
Back to bug 2181621